Pam and multiple requiste satements!

Mike Woods Mike at the-rubber-chicken-network.co.uk
Wed Oct 5 10:21:43 PDT 2005


Im trying to configure pam to auth *twice* with pam_ldap (since pam_ldap 
seems incapable of using multiple filters), anyway i have the pam conf 
file listed below but even if I set either of the queried attributes to 
false (basicly using 2 queries for access control) it seems that as long 
as one of them authenticates properly then it goes through as ok, I had 
looked at using pam_if with pam_deny as another way of doing this but 
pam_if seems to have gone away long ago.

So, the question, is there any I can force pam to authticate against 
both of these and fail if either does ?

auth            requisite     
/mail/pam_ldap/enabled/lib/pam_ldap.so           debug
auth            requisite     
/mail/pam_ldap/imap/lib/pam_ldap.so              debug use_first_pass
account         required      
/mail/pam_ldap/imap/lib/pam_ldap.so              no_warn

Both instances of pam_ldap are configured to use seperate config files 
with different pam_filter settings.

---------------------
Mike Woods
Systems Administrator


More information about the freebsd-questions mailing list